# Fortinet VPN add-on This add-on provides a Fortinet VPN connection that runs as a sidecar container alongside your application. It allows your application to access resources that are only available through your institution's VPN network. ## Required Configuration To use the Fortinet VPN add-on, you must configure the following secrets or environment variables. **It is strongly recommended to use secrets** for sensitive information like credentials and VPN addresses. ### VPNADDR (Required) The VPN server address and port in the format `server:port` (e.g., `vpn.example.edu:443`). **Best practice:** Configure this as a secret in your application settings. ### VPNUSER (Required) Your institutional VPN username. **Best practice:** Configure this as a secret in your application settings. ### VPNPASS (Required) Your institutional VPN password. **Best practice:** Configure this as a secret in your application settings. {% hint style="info" %} **Fallback credentials:** If VPNUSER and VPNPASS are not configured, the system will fall back to using APP\_USERNAME and APP\_PWD secrets. If those are also not configured, a modal dialog will prompt you for credentials at application startup. {% endhint %} ## Optional Configuration for MATLAB Users ### LICENSESERVERS (Optional) A list of MATLAB license server hostnames/IP addresses to be made available through the VPN connection. This can be configured as an environment variable or secret in your application settings. ### MLM\_LICENSE\_FILE (Optional) If you are using MATLAB and need to connect to a license server through the VPN, set this environment variable to point to the license server(s) specified in LICENSESERVERS. It should take the form of a semicolon-separated list of `port@host` entries. ## Configuration Precedence When the same variable is defined at multiple levels, the following precedence order applies (highest to lowest priority): 1. **Effective secrets** (personal > space > organization) 2. **Effective environment variables** (personal > space > organization) 3. **Application-level environment variables** 4. **Image-level environment variables** 5. **Sidecar-level environment variables** 6. **Fallback credentials** (APP\_USERNAME/APP\_PWD used as VPNUSER/VPNPASS) This means that if you set VPNADDR as both a personal secret and a space-level environment variable, the personal secret value will be used. ## Startup Behavior The startup behavior depends on whether you have configured credentials as secrets: ### With Configured Secrets If you have set VPNUSER and VPNPASS secrets (or APP\_USERNAME and APP\_PWD fallback secrets), the VPN connection is automatically established using those credentials when the application starts. ### Without Configured Secrets If you have not configured VPNUSER and VPNPASS (and APP\_USERNAME and APP\_PWD are also not set), a modal dialog will appear during application startup: 1. You will be prompted to enter your institutional username 2. You will be prompted to enter your institutional password 3. The credentials will be used for this session only In both cases, the application will wait for the VPN connection to be successfully established before becoming available. During startup, you will see messages indicating that the application is waiting for the VPN sidecar to connect. ### Two-Factor Authentication (2FA) If your institution requires two-factor authentication: 1. A one-time password (OTP) prompt may appear during application startup 2. Enter your OTP code when prompted 3. The VPN connection will establish using the provided OTP {% hint style="info" %} If the VPN connection fails due to incorrect credentials, you will need to update the VPNUSER and VPNPASS secrets with the correct values (or re-enter credentials in the modal dialog), then stop and restart the application. {% endhint %} ## Application Behavior {% hint style="info" %} If you add a Fortinet VPN add-on to your application, your application will start in shared mode. {% endhint %} The application will not start until the VPN connection is successfully established. During startup, you will see messages indicating that the application is waiting for the VPN sidecar to connect. ## Troubleshooting If your application fails to start with the Fortinet VPN add-on: * **VPN credentials missing error**: Ensure that VPNUSER and VPNPASS secrets are configured. Alternatively, ensure both APP\_USERNAME and APP\_PWD secrets are set as fallback credentials. If neither is configured, the modal dialog will appear for credential entry. * **VPN address missing error**: Ensure that VPNADDR is configured as a secret or environment variable in the format `server:port`. * **VPN connection unsuccessful**: Verify that your VPNUSER and VPNPASS credentials are correct, then stop and restart the application. * **2FA required**: If your institution uses two-factor authentication, ensure you enter the OTP when prompted during startup. * **Connection timeout**: Check that VPNADDR is correctly formatted as `server:port` and points to your institution's VPN server. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.nuvolos.com/features/applications/add-ons/fortinet-vpn-add-on.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.